- correct logging (tun should not log to console) - log on failed open or mount of tunnel - to keep with the principle of least astonishment, sshsession should *always* remount /srv/* if given -S option Reference: /n/atom/patch/applied2013/ssh2log Date: Tue Nov 19 00:36:21 CET 2013 Signed-off-by: quanstro@quanstro.net --- /sys/src/cmd/ssh2/sshsession.c Tue Nov 19 00:35:02 2013 +++ /sys/src/cmd/ssh2/sshsession.c Tue Nov 19 00:35:02 2013 @@ -20,6 +20,22 @@ char *netmtpt; void +logfile(char *fmt, ...) +{ + char buf[500]; + va_list args; + + va_start(args, fmt); + if (slfd >= 0) + vfprint(slfd, fmt, args); + else{ + vsnprint(buf, sizeof buf, fmt, args); + syslog(1, "ssh", "%s", buf); + } + va_end(args); +} + +void usage(void) { fprint(2, "usage: sshsession [-s shell] [-r restdir] [-R restdir] [-S srvpt] [-n namespace] [-t]\n"); @@ -29,7 +45,7 @@ main(int argc, char *argv[]) { char *filnam, *p, *q; - int ctlfd, topctl, fd, n; + int havesrv, ctlfd, topctl, fd, n; char buf[128]; rfork(RFNOTEG); @@ -37,6 +53,7 @@ errfd = create("/tmp/ssh.err", OWRITE, 0664); slfd = open("/dev/syslog", OWRITE); shell = "/bin/rc -il"; + havesrv = 0; ARGBEGIN { case 'n': nsfile = EARGF(usage()); @@ -54,6 +71,7 @@ tflag = 1; break; case 'S': + havesrv = 1; srvpt = EARGF(usage()); break; default: 
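Review bot: The `slfd >= 0` branch of the new `logfile` in the `@@ -20,6 +20,22 @@` hunk writes the message with no line terminator. The call sites this patch converts used to pass `"...\n"` to `fprint(slfd, ...)` and now pass the newline-free syslog form, so consecutive entries written through `slfd` will run together unless that device adds its own terminator. Formatting into `buf` once and writing `"%s\n"` on the fd path restores the terminator and puts both branches on one formatting path. The cost is that fd-path messages are then truncated at `sizeof buf`, as the syslog ones already are. The same applies to the copy added to sshtun.c at `@@ -104,6 +104,22 @@`.

```c
logfile(char *fmt, ...)
{
	/* … unchanged: buf and args declarations … */
	va_start(args, fmt);
	vsnprint(buf, sizeof buf, fmt, args);
	va_end(args);
	if(slfd >= 0)
		fprint(slfd, "%s\n", buf);
	else
		syslog(1, "ssh", "%s", buf);
}
```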
@@ -144,15 +162,21 @@
 fprint(ctlfd, "announce session");
 filnam = smprint("%s/%s/listen", netdir, buf);
 fprint(errfd, "listen is %s\n", filnam);
- if (access(netdir, AEXIST) < 0) {
+ if (havesrv || access(netdir, AEXIST) < 0) {
 p = smprint("/srv/%s", srvpt ? srvpt : "sshtun");
 fd = open(p, ORDWR);
 if (fd < 0) {
- fprint(errfd, "srv open failed; %r\n");
+ fprint(errfd, "srv open failed: %r\n");
 fprint(topctl, "hangup");
+ logfile("cannot open tunnel srv %s: %r", p);
+ exits(nil);
+ }
+ if(mount(fd, -1, netmtpt, MBEFORE, "") == -1){
+ fprint(errfd, "mount failed: %r\n");
+ fprint(topctl, "hangup");
+ logfile("cannot mount tunnel %s: %r", p);
 exits(nil);
 }
- mount(fd, -1, netmtpt, MBEFORE, "");
 }
 while (1) {
 fd = open(filnam, ORDWR);
@@ -260,10 +284,7 @@
 snprint(cmd, 1024, "-s%s", shell);
 else
 snprint(cmd, 1024, "");
- if (slfd > 0)
- fprint(slfd, "starting ssh shell for %s\n", uname);
- else
- syslog(1, "ssh", "starting ssh shell for %s", uname);
+ logfile("starting ssh shell for %s", uname);
 motdfd = open("/sys/lib/motd", OREAD);
 if (motdfd >= 0) {
 while ((n = read(motdfd, buf, 8192)) > 0) {
@@ -308,10 +329,7 @@
 get_string(p+1, cmd);
 else
 confine(p+1, cmd);
- if (slfd > 0)
- fprint(slfd, "running %s for %s\n", cmd, uname);
- else
- syslog(1, "ssh", "running %s for %s", cmd, uname);
+ logfile("running %s for %s", cmd, uname);
 runcmd(reqfd, datafd, "rx", "/bin/rc", "-lc", cmd);
 exits(nil);
 case -1:
@@ -443,10 +461,7 @@
 fprint(reqfd, "exit-status %d", *w->msg != 0);
 free(w);
 }
- if (slfd > 0)
- fprint(slfd, "closing ssh session for %s\n", uname);
- else
- syslog(1, "ssh", "closing ssh session for %s", uname);
+ logfile("closing ssh session for %s", uname);
 fprint(errfd, "closing connection\n");
 write(reqfd, "close", 5);
 if (decref(&nchan) == 0) {
--- /sys/src/cmd/ssh2/sshtun.c Tue Nov 19 00:35:02 2013
+++ /sys/src/cmd/ssh2/sshtun.c Tue Nov 19 00:35:02 2013
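Review bot: Both failure branches in the `@@ -144,15 +162,21 @@` hunk, the existing srv-open one and the new mount one, end in `exits(nil)`, which is the success status on Plan 9. Anything that waits on sshsession therefore cannot tell a failed tunnel setup from a normal exit. Since the patch already logs each case, a non-nil status would match: `exits("open");` after the first `logfile` call and `exits("mount");` after the second. The enclosing `main` starts and ends outside the hunk, so whether a parent inspects the status is not visible here.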
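Review bot: `cmd` in `logfile("running %s for %s", cmd, uname)` (hunk `@@ -308,10 +329,7 @@`) is written to the log as-is. Judging by the `get_string(p+1, cmd)` just above, it appears to come from the client's request, so a newline or other control byte in it can split an entry or make one entry look like another. Now that all logging goes through `logfile`, that is the place to neutralise it: format into `buf` on both paths, then run `for(s = buf; *s; s++) if((uchar)*s < ' ') *s = '?';` before writing. The same holds for `user` in the login-failure messages in sshtun.c (`@@ -2637,19 +2650,13 @@` and `@@ -2694,10 +2701,7 @@`), which is presumably taken from the authentication request.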
@@ -104,6 +104,22 @@ MBox keymbox; void +logfile(char *fmt, ...) +{ + char buf[500]; + va_list args; + + va_start(args, fmt); + if (slfd >= 0) + vfprint(slfd, fmt, args); + else{ + vsnprint(buf, sizeof buf, fmt, args); + syslog(0, "ssh", "%s", buf); + } + va_end(args); +} + +void usage(void) { fprint(2, "usage: sshtun [-d] [-k] [-m mntpt] [-s srvpt]\n"); @@ -2031,10 +2047,7 @@ if (strcmp(buf, "ssh-userauth") == 0 || strcmp(buf, "ssh-connection") == 0) { init_packet(p2); p2->c = c; - if (slfd > 0) - fprint(slfd, "ssh connection from %s\n", c->remote); - else - syslog(1, "ssh", "ssh connection from %s", c->remote); + logfile("ssh connection from %s", c->remote); add_byte(p2, SSH_MSG_SERVICE_ACCEPT); add_string(p2, buf); n = finish_packet(p2); @@ -2637,19 +2650,13 @@ c->cap = mkcap(me, user); init_packet(p2); p2->c = c; - if (slfd > 0) - fprint(slfd, "ssh logged in as %s\n", user); - else - syslog(1, "ssh", "ssh logged in as %s", user); + logfile("ssh logged in as %s", user); add_byte(p2, SSH_MSG_USERAUTH_SUCCESS); } else { init_packet(p2); p2->c = c; - if (slfd > 0) - fprint(slfd, "ssh public key login failure for %s\n", user); - else - syslog(1, "ssh", "ssh public key login failure for %s", user); + logfile("ssh public key login failure for %s", user); add_byte(p2, SSH_MSG_USERAUTH_FAILURE); add_string(p2, "password,publickey"); add_byte(p2, 0); @@ -2694,10 +2701,7 @@ if (ai == nil) { if (debug) fprint(2, "Auth error: %r\n"); - if (slfd > 0) - fprint(slfd, "ssh login failure for %s: %r\n", user); - else - syslog(1, "ssh", "ssh login failure for %s: %r", user); + logfile("ssh login failure for %s: %r", user); add_byte(p2, SSH_MSG_USERAUTH_FAILURE); add_string(p2, "password,publickey"); add_byte(p2, 0); 
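Review bot: The copy of `logfile` added in the `@@ -104,6 +104,22 @@` hunk differs from the one in sshsession.c only in passing 0 rather than 1 as the first argument of `syslog`, and nothing in the code says why. A comment above the function would keep a later cleanup from unifying the two by accident, e.g. `/* cons is 0 here: the tunnel must not echo log entries to the console */`. If the two programs can share a source file or header, a single helper taking the console flag would remove the duplication; whether they can is not visible in this patch.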
@@ -2712,10 +2716,7 @@
 c->cap = estrdup9p("n/a");
 else
 c->cap = estrdup9p(ai->cap);
- if (slfd > 0)
- fprint(slfd, "ssh logged in as %s\n", user);
- else
- syslog(1, "ssh", "ssh logged in as %s", user);
+ logfile("ssh logged in as %s", user);
 add_byte(p2, SSH_MSG_USERAUTH_SUCCESS);
 auth_freeAI(ai);
 }
@@ -2878,12 +2879,8 @@
 c->state = Closed;
 return;
 }
- if (c->role == Server && c->remote) {
- if (slfd > 0)
- fprint(slfd, "closing ssh connection from %s\n", c->remote);
- else
- syslog(1, "ssh", "closing ssh connection from %s", c->remote);
- }
+ if (c->role == Server && c->remote)
+ logfile("closing ssh connection from %s", c->remote);
 fprint(c->ctlfd, "hangup");
 close(c->ctlfd);
 close(c->datafd);